Link to home
Start Free TrialLog in
Avatar of experte
experte

asked on

How does a signed Applet read a file ?

I have a signed applet that should read a file.
I used the privilegManager to ask for "UniversalFileAccess"
and then the security Window pops up, I grant the access and
try to open a file ( just READ ) butI still get the Security Exception.
If I try this from a different computer ( not at home ) then
I don't even get the Security Window asking for File Access.

My site is located at:
http://www.darmstadt.gmd.de/~petersil/diplom/indexb.html

There you have to press the eject/insert button

I will place the source code there too soon.
ASKER CERTIFIED SOLUTION
Avatar of biged040597
biged040597

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of experte
experte

ASKER

Hi Biged !

This was an interesting answer !

O.K. I REMarked the "SET Classpath....." line in my autoexec.bat file and tried it again.
First I opened the NC 4.02 and opened my index.html on my local computer that holds the
applet. And... it worked ! The applet could open and read a local file on my computer !

Now I went online ! That is, I start AOL and then choose "Go online" with NC 4.02.
I went to my site:

www.darmstadt.gmd.de/~petersil/diplom/indexb.html

that holds exactly the same html file with the signed applet. First the Java Security Window
pops up, because of the java code where I ask for more Privileges
"......
                 try {
                    PrivilegeManager.enablePrivilege("UniversalFileAccess");
                 }
......."
I GRANT the request, but when open the file I get the same message:
"
# Security Exception: checkread:Read of 'F:\diplom\mpegrefvis\Qspal.mpg' not permitted
# Applet exception: security.checkread: Read of 'F:\diplom\mpegrefvis\Qspal.mpg' not permitted
netscape.security.AppletSecurityException: security.checkread: Read of 'F:\diplom\mpegrefvis\Qspal.mpg' not permitted
#  UniversalFileRead privilege not enabled: Reading files stored in your computer
java.io.IOException: CreateProcess: vcafe -netscape error=0
"
and the applet can NOT read the file.

Funy is, that if I use a different computer and start nc 4.02 and look at the site, there is
NO Java Security Window showing up !!!????? The Java console says that the Issuer of my
Certificate is not known on the actual system.

What I wanted to know was, how does the "right" way works ? What steps do I have to
do,  so that my applet ( that I signed with zigbert ) located on a server, can read files
on a local computer from the user that visits my site and starts the applet.
What is important in the Java source code ? Why does the Java Security Window does not
pop up on a different computer when visiting my URL ?

Hope you can send me some infos !

Guido
Hi Guido,

I have never signed a JAR file for Netscape. Since we're still in the debugging phase at the current project I use codebase prinicipals, i.e. I added user_pref("signed.applets.codebase_principal_support", true);
to my prefs.js.

This way you can use the netscape.privilege package without signing the applet.

I advise you to get the latest JDK patch for Netscape and the netscape.security package. This solved a lot of problems for me, mostly concerning AWT but who knows how many bugs Netscape can put in their VM implementation.

Apart from that, make sure that you also put the netscape.security package on the web with your applet since that way you can be sure everyone who starts the applet will use the  netscape.security package you expect.

Furthermore, you are using a macro target "UniversalFileAccess". Maybe you should first try to enable the "UniversalFileRead" target , and check afterwards if grant was succesfull. Something like this:

if (System.getProperty("java.vendor").toString().charAt(0)=='N') {
pm = PrivilegeManager.getPrivilegeManager();          pm.enablePrivilege("UniversalFileRead");
try {            
pm.checkPrivilegeGranted("UniversalFileRead");
} catch (ForbiddenTargetException e) {
// privilege is not currently granted
 System.out.println(e.toString());
}

Note that you must call PrivilegeManager.getPrivilegeManager(); before using the static methods. (from the dox:
While you can construct your own instance of this class, it won't do you any good to add privileges to your code. Instead, you should call PrivilegeManager.getPrivilegeManager())

You could also try the parameterized Targets : FileRead (from the dox:
if you only want read access to a handful of files, you can pass the file name as the "data" field to enablePrivilege        
)

It's not a cut and dry solution to your problem but when 2 browsers act differently running an applet it is always a bitch to find what's wrong.

Greets,
biged.